I use fail2ban on my servers to protect them from would-be attackers. If you don’t, you’re either insanely naive about the fact that somebody wants into your system, or you just want to see if you can get hacked. Most of the attackers, I would assume, are just after another « bot » in their « net », or maybe a place to host files.

Durzo hosts a script that lets you log the attacks on you into a MySQL database with geocoding. I thought this would be cool to use, as I could see from where I was being attacked. I got this working, along with another script to display the table in a web page so I could view the data easily.

I then found some scripts from Google to pull data from a MySQL geolocation table and generate an XML file for import into Google Maps. With some tweaking and customizing, I now have a map with the geolocation data as markers. Not all the markers are right on a building, but they are close enough for me to see the areas the attacks are coming from.

Today I found myself reconfiguring a wireless access point I hadn’t used in a very long time. I no longer have the manual (so I could reset it to factory defaults), nor do I remember the obscure IP address I configured it with. Luckily I do know what network it’s set up for (192.168.1.x), but I don’t want to try connecting to all 254 IP addresses (192.168.1.1 through 192.168.1.254), as that would take quite some time.

So what I’m going to do is use Nmap, a Swiss Army knife for network operators and system admins. We’ll use Nmap to scan the entire network and tell us which IP addresses are active, which drastically reduces the number of addresses we have to try.

There are Nmap builds for all three major OSes: *nix, OS X and Windows. I’ll be showing the syntax for the *nix/OS X version.

nmap -sP 192.168.1.0/24

Replace 192.168.1.0/24 with whatever network you’re trying to scan. The /24 is the netmask of the network in CIDR notation (a /24 covers the 256 addresses 192.168.1.0 through 192.168.1.255). Newer Nmap releases call this ping-only host discovery -sn; -sP is kept as an alias and does the same thing. If you need a cheat sheet you can find one here.

Once you press Return (or Enter), Nmap probes each IP address on the network and notes which ones respond. On a local Ethernet or Wi-Fi segment, run as root, Nmap discovers hosts with ARP requests rather than ICMP pings, so a device that drops ping still shows up as long as it is on the same subnet. Run without root privileges, or against a network you are not directly attached to, Nmap falls back to ICMP echo and TCP probes, and a device whose firewall discards those will appear to be down to this scan.
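A worked script for this host-discovery step, added here as an example and not part of the original post. It wraps the scan above, parses Nmap’s grepable output (-oG) so that only the hosts that answered are listed, and includes a constructed sample of that output so the parsing can be checked without nmap or a network. The network argument, the -sn spelling of the ping scan and the helper names are my assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: find the live hosts on a /24 with
# Nmap's ping scan and print them one per line, so the hunt for the lost AP is
# limited to the handful of addresses that actually answer.
#
# Assumptions (mine, not the post's): nmap is installed, and you run this as root
# so that on a local Ethernet/Wi-Fi segment Nmap discovers hosts via ARP, which a
# host firewall that drops ICMP cannot hide from. -sn is the modern spelling of
# the post's -sP; Nmap still accepts -sP as an alias.

# Read Nmap "grepable" output (-oG) on stdin and print the address of every host
# reported Up. Grepable host lines look like:
#   Host: 192.168.1.1 (router.lan)  Status: Up
live_hosts_from_grepable() {
    awk '$1 == "Host:" && /Status: Up/ { print $2 }'
}

# Count the hosts reported Up in grepable output on stdin.
count_live_hosts() {
    live_hosts_from_grepable | wc -l | tr -d ' '
}

# Scan a network and list its live hosts. Usage: scan_live_hosts 192.168.1.0/24
scan_live_hosts() {
    nmap -sn -oG - "$1" | live_hosts_from_grepable
}

# Constructed sample of grepable output (not a real scan), so the parser can be
# exercised without nmap or a network. Nmap only prints Down hosts with -v, but
# one is included to show that the filter ignores them.
SAMPLE_GREPABLE='# Nmap 7.94 scan initiated as: nmap -sn -oG - 192.168.1.0/24
Host: 192.168.1.1 (router.lan)  Status: Up
Host: 192.168.1.2 ()  Status: Down
Host: 192.168.1.57 ()  Status: Up
Host: 192.168.1.254 ()  Status: Up
# Nmap done: 256 IP addresses (3 hosts up) scanned in 2.31 seconds'

# Parse the sample; when given a network argument, also run the real scan.
printf '%s\n' "$SAMPLE_GREPABLE" | live_hosts_from_grepable
if [ "$#" -gt 0 ]; then
    scan_live_hosts "$1"
fi
```

Run it as root with the network as its argument, for example sh find-hosts.sh 192.168.1.0/24; the live addresses come out one per line, which is the short list of candidates to try in a browser for the access point’s admin page.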

Apple’s firmware password security is greatly enhanced in recent Mac models, making it a rather robust security feature.

With Apple’s firmware password feature on Mac systems you can lock down the options to select an alternative startup disk, boot to Safe or Single User modes, reset the PRAM, and otherwise start the system in ways that can bypass the security features of OS X.

However, as a security measure the firmware password has been met with some criticism because it could easily be bypassed by someone with physical access to the system. In earlier Intel-based Macs the firmware password was stored in the PRAM, and the system’s EFI firmware simply read it before other PRAM variables in order to enforce the lock; this design had drawbacks that allowed the password to be reset or even revealed.

The firmware password on any Mac can be set using the Firmware Password utility that is available on the OS X installation volume.

Altering the system’s hardware configuration, such as by removing or adding RAM modules, would clear the firmware password and permit booting to the alternative modes. Not only did this basic bypass exist, but the password was also not stored very securely: while administrative rights are required to uncover it, with those rights one could use utilities included in OS X to read the password from the PRAM, where it was masked only by a simple obfuscation routine.

These weaknesses made the Mac’s firmware password almost laughable as a security measure, but this has changed with newer Mac systems. Starting in 2011, users began finding they could no longer reset their firmware passwords simply by modifying the hardware configuration. The systems would maintain the lock and prevent the use of alternate boot modes, leaving those who had set the password and then forgotten it no choice but to bring their systems in to Apple for servicing.

In these newer systems, instead of using the PRAM to store the EFI firmware password, Apple uses a separate programmable controller from Atmel (PDF) that contains lockable flash memory in which the password is stored. This tiny chip is tucked away on the motherboard and includes a security feature that stores the password in a way that requires special programming, keyed to identifier numbers for both your motherboard and the Atmel chip, to access and erase, which must be done using special routines during the boot process.

Because the lock does not depend on other system components, the chip cannot be cleared simply by a hardware change. The password is also no longer kept in the PRAM, so it cannot be revealed to users, regardless of their administrative status.

To reset the firmware password on newer Macs, you must now follow these steps:

Boot with Option key held to display the boot menu’s firmware password prompt.

Press Control-Option-Command-Shift-S to reveal a 33-character code (mixed letters and numbers) that contains an identifier for your specific motherboard and the Atmel chip used in your system. The first 17 characters are an identifier for the system’s motherboard, and the last 16 characters are a hash for the password.

Submit the code to Apple, where someone will put it through a special utility to create a keyfile specific to your machine.

Place the file on a special USB boot drive and hold Option to load the boot menu and select this drive.

The system will read the file and properly reset the firmware password stored in the Atmel chip.

This process may seem easy enough, except that the utility for creating the keyfile is kept at Apple, so you have to go through an authorized service center, which will contact Apple technicians for this service. Secondly, Apple will not give you the keyfile for unlocking your system, so you must have the system serviced to perform this step.

Apple’s Firmware Password utility in OS X’s Recovery HD partition is still used to set the firmware password on newer Macs. (Credit: Screenshot by Topher Kessler/CNET)

Even if you were able to get the keyfile, it cannot be used on any other Mac. The Atmel chip’s serial number and the motherboard identifier are factory-programmed, resulting in a pairing that is unique to your system. This is why your system’s identifier code must be programmed into the keyfile, making it machine-specific.

Even so, there is one way to bypass the Atmel chip, which is to manually remove it and solder a new, unlocked chip to your motherboard; however, without precise reflow soldering tools and techniques, this would likely result in an unmitigated disaster that not only would void your warranty, but would very likely break your machine.

Coupled with Apple’s FileVault full-disk encryption to protect data should the hard drive be removed, the firmware password in Apple’s latest systems provides a very effective hardware security lock. Setting it up involves the same steps as on all of Apple’s hardware, but these changes mean that to change or remove it you must either use the same Firmware Password utility and know the previous password, or have the system serviced.